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WHAT IS CLAIMED IS: 

1 . A method of securing content stored on media, the method comprising: 

attaching content privileges to the media, wherein the privileges govern a plurality of 

levels of access; and 
configuring the media to permit access to the content according to the content 

privileges and predetermined conditions, 

2. The method of claim 1 wherein one of the levels of access to the content includes at 
least one of playback, copying and manipulating of the content. 

3. The method of claim 2 wherein the copying of content includes copying one of a 
Hmited number and an unlimited number of copies of pre-recorded content. 

4. The method of claim 3 wherein the unlimited number of copies relates to one of an 
original source of the content being copied and a copied original source of the content being 
copied. 

5. The method of claim 1 wherein the predetermined conditions include one or more of: 
authenticating a channel for delivery of the content; and 

checking a revocation list for a revoked indicator before permitting access, wherein 
presence of the revoked indicator precludes permitting access. 

6. The method of claim 1 wherein the attached content privileges operate with a data 
management system wherein the content is stored on the media, the management system 
managing access to the content. 

7. The method of claim 6 wherein the data management system includes firmware 
located in a controller, the firmware including at least a secure application programming 
interface (API) and an open API, wherein: 

the open API allows access to file system data on the media; and 
the secure API allows access to secure data on the media according to one or more 
identifiers on the media. 
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1 8. The method of claim 7 wherein the secure API includes a first secure API and one or 

2 more additional secure APIs, the first secure API operable with the one or more additional 

3 secure APIs, the one or more additional secure APIs providing additive layers of security, the 

4 first secure API controlling access to the content with the additive layers of security. 

1 9. The method of claim 7 wherein the firmware is included on an application specific 

2 integrated circuit (ASIC). 

1 10. The method of claim 6 wherein the data management system manages content access 

2 via at least one application programming interface (API), the API restricting access to the 

3 media by a host. 

w3 1 11. The method of claim 1 0 wherein the API is capable of preventing block level access 

^p 2 to the content. 

f3 1 12. The method of claim 10 wherein the API is accessible only via an authenticated 

2 channel. 

i:j 1 13. The method of claim 1 wherein the media is portable media, including an optical disk 

2 and the content includes one or more of mastered content, recorded content, copied content 

3 and unlocked content and locked content. 

1 14, The method of claim 7 wherein the identifier provides a seed for a key box, the key 

2 box providing keys for at least one of unlocking data and decrypting content. 

1 15. The method of claim 1 4 wherein the media holds one or more of mastered content and 

2 recorded content, the mastered content and the recorded content each being associated with a 

3 key box, the key box being bound to the media. 

1 16. The method of claim 1 5 wherein the mastered content and the recorded content, 

2 together with their associated key boxes each provide a complete accessing system. 
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1 1 7. The method of claim 1 5 wherein the key box may be unbound from a first media and 

2 rebound to a second media to create a to a complete accessing system on the second media 

3 with the key box bound thereto. 

1 18. An apparatus for securing content stored on media, the apparatus comprising: 

2 at least one tool for transferring content onto the media, the tool configured to attach a 

3 plurality of levels of access, wherein content privileges and predetermined 

4 conditions govern access to the content. 

1 1 9, The apparatus of claim 18, further comprising: 

2 a dongle coupled to the tool, the dongle configured to bind a key box to the media. 

1 20. The apparatus of claim 19 further comprising: 
S 2 an application specific integrated circuit (ASIC) coupled to the dongle, and 

%S 3 a random key generator embedded with the ASIC, the random key generator 

Q 4 providing at least one secret key for the media. 

S 1 21. The apparatus of claim 1 8 wherein the content privileges include at least one or more 

O 2 of playback, copying and manipulating of the content. 

1 22, The apparatus of claim 21 wherein the content privilege of copying of content 

2 includes copying a limited number of copies of specified content. 

1 23. The apparatus of claim 1 8 wherein the predetermined conditions include one or more 

2 of: 

3 authenticating a channel for delivery of the content; and 

4 checking a revocation hst for a revoked indicator before permitting access, wherein 

5 presence of the revoked indicator precludes permitting access. 



1 24. The apparatus of claim 1 8 wherein the attached content privileges operate with a data 

2 management system wherein the content is stored as block data on the media, the 

3 management system managing the block data via firmware on the apphcation specific 

4 integrated circuit (ASIC) that prevents access to the content outside of the firmware. 

-115- 

792401 vl 

Client Reference: DPI 75 



Attorney Docket No M-1 2043 US 



1 25. The apparatus of claim 24 wherein the ASIC is located in a controller, the firmware 

2 on the ASIC including at least a secure application programming interface (API) and an open 

3 API, wherein: 

4 the open API allows access to file system data on the media; and 

5 the secure API allows access to secure data on the media according to one or more 

6 identifiers on the media, 

1 26. The apparatus of claim 25 wherein the secure API includes a first secure API and one 

2 or more additional secure APIs, the first secure API operable with the one or more additional 

3 secure APIs, the one or more additional secure APIs providing additive layers of security, the 

4 first secure API controlling access to the content with the additive layers of security. 

1 27. The apparatus of claim 24 wherein the firmware manages content access via at least 

2 one application programming interface (API), the API preventing block level access to the 

3 media by a host. 

1 28. The apparatus of claim 27 wherein the API prevents block level access to the content 
W 2 via a host. 

\ 29. The apparatus of claim 27 wherein the API is accessible only via an authenticated 

2 channel. 

1 30. The apparatus of claim 1 8 wherein the media is portable media, including an optical 

2 disk and the content includes one or more of mastered content, recorded content, copied 

3 content and unlocked content and locked content. 

1 31. The apparatus of claim 25 wherein the identifier provides a seed for a key box, the 

2 key box providing keys for at least one of unlocking and decrypting data. 

1 32. The apparatus of claim 3 1 wherein the media holds one of mastered and recorded 

2 content, the mastered and recorded content together with their associated key boxes each 

3 providing a complete accessmg system. 
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33. The method of claim 3 1 wherein the key box may be unbound from a first media and 
rebound to a second media to create a to a complete accessing system on the second media 
with the key box bound thereto. 

34. A method for mastering secure pre-recorded content comprising: 
encrypting the pre-recorded content; and 

binding a key box and one or more identifiers to a media disk, the key box configured 
to use the identifier with the key box, wherein the identifiers include one or 
more of a complete identifier and a partial identifier, the partial identifier 
requiring completion via a secondary transaction prior to using the key box. 

3 5 . The method of claim 34 wherein the key box is configured to provide keys for 
operating a triple-DES block, the triple-DES block receiving an output of a random key 
generator, the random key generator being seeded by the completed identifier from the media 
disk, the triple-DES block using the completed identifier with the key box for decrypting and 
encrypting the content. 

36. The method of claim 34 wherein the identifiers include public and private identifiers. 
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